
48 matches found

vulnersOsv
added 2026/05/05 9:48 p.m. · 3 views

@albertoielpo/kk-cli (>=1.1.0 <=1.1.2), @cyberskill/shared (>=2.20.0 <=2.27.0) +12 more potentially affected by CVE-2026-42334 via mongoose (>=9.0.0 <=9.1.5)

mongoose NPM version =9.0.0, =1.1.0, =2.20.0, =11.0.36, =11.7.0, =0.261.0, =0.98.0, =1.1.1, =9.0.0, =2.0.0, =1.0.2, =18.16.6, =18.17.2 Source cves: CVE-2026-42334 Source advisory: OSV:GHSA-WPG9-53FQ-2R8H...

7.5 CVSS · 5.8 AI score · 0.00047 EPSS
Exploits 0
IBM Security Bulletins
added 2025/12/04 2:9 p.m. · 5 views

Security Bulletin: IBM Edge Data Collector uses http-proxy-middleware - 2.0.7 which is vulnerable to CVE-2025-32996, CVE-2025-32997.

Summary IBM Edge Data Collector uses http-proxy-middleware - 2.0.7 which is vulnerable to CVE-2025-32996, CVE-2025-32997. This bulletin contains information addressing the vulnerability. Vulnerability Details CVEID:CVE-2025-32996 DESCRIPTION: In http-proxy-middleware before 2.0.8 and 3.x before...

5.3 CVSS · 6.7 AI score · 0.00064 EPSS
Exploits 0 · Affected Software 1
IBM Security Bulletins
added 2025/12/01 5:41 p.m. · 7 views

Security Bulletin: IBM Maximo Application Suite - Monitor Component uses tar-fs-2.1.3.tgz which is vulnerable to CVE-2025-59343.

Summary IBM Maximo Application Suite - Monitor Component uses tar-fs-2.1.3.tgz which is vulnerable to CVE-2025-59343. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2025-59343 DESCRIPTION: tar-fs provides filesystem bindings for...

8.7 CVSS · 6.6 AI score · 0.00033 EPSS
Exploits 0 · Affected Software 1
IBM Security Bulletins
added 2025/12/01 9:43 a.m. · 8 views

Security Bulletin: IBM Maximo Application Suite - Monitor Component uses WebSphere Application Server Liberty which is affected by a denial of service due to Apache Commons FileUpload and vulnerable to CVE-2025-48976.

Summary IBM Maximo Application Suite - Monitor Component uses WebSphere Application Server Liberty which is affected by a denial of service due to Apache Commons FileUpload and vulnerable to CVE-2025-48976. This bulletin contains information regarding the vulnerability and its fixture...

7.5 CVSS · 6.6 AI score · 0.01278 EPSS
Exploits 1 · Affected Software 1
IBM Security Bulletins
added 2025/10/28 5:54 a.m. · 5 views

Security Bulletin: IBM Maximo Application Suite Ai-Service Component uses Allocation of Resources Without Limits or Throttling vulnerability in Legion of the Bouncy Castle Inc.

Summary Security Bulletin: IBM Maximo Application Suite Ai-Service Component uses Allocation of Resources Without Limits or Throttling vulnerability in Legion of the Bouncy Castle Inc. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details...

6.3 CVSS · 6.5 AI score · 0.00092 EPSS
Exploits 0 · Affected Software 1
IBM Security Bulletins
added 2025/10/28 5:54 a.m. · 2 views

Security Bulletin: IBM Maximo Application Suite Ai-Service Component uses Spring Framework MVC applications can be vulnerable to Traversal Vulnerability.

Summary Security Bulletin: IBM Maximo Application Suite Ai-Service Component uses Spring Framework MVC applications can be vulnerable to Traversal Vulnerability. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2025-41242 DESCRIPTION:...

5.9 CVSS · 6.4 AI score · 0.05222 EPSS
Exploits 0 · Affected Software 1
IBM Security Bulletins
added 2025/10/28 5:44 a.m. · 4 views

Security Bulletin: IBM Maximo Application Suite Ai-Service Component uses Improper Resource Shutdown or Release vulnerability to the made you reset the attack.

Summary Security Bulletin: IBM Maximo Application Suite Ai-Service Component uses Improper Resource Shutdown or Release vulnerability to the made you reset the attack. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2025-48989...

7.5 CVSS · 6.4 AI score · 0.01022 EPSS
Exploits 0 · Affected Software 1
Positive Technologies
added 2025/10/08 12:0 a.m. · 7 views

PT-2025-41308

Name of the Vulnerable Software and Affected Versions Kibana versions 8.18.8, 8.19.5, 9.0.8, and 9.1.5 Description An issue exists in Kibana where improper neutralization of input during web page generation and improper validation of specified input types can lead to stored Cross-Site Scripting...

8.7 CVSS · 7.8 AI score · 0.00028 EPSS
Exploits 0 · References 17
Tenable Nessus
added 2025/09/03 12:0 a.m. · 1 views

Linux Distros Unpatched Vulnerability : CVE-2017-11329

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - GLPI before 9.1.5 allows SQL injection via an ajax/getDropdownValue.php request with an entityrestrict parameter that is not a list of integers. CVE-2017-11329...

9.8 CVSS · 8.5 AI score · 0.00335 EPSS
Exploits 0 · References 2
OSV
added 2025/02/12 9:15 a.m. · 0 views

CVE-2024-13814

The The Global Gallery - WordPress Responsive Gallery plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 9.1.5. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode...

8.8 CVSS · 7.6 AI score · 0.00352 EPSS
Exploits 0 · References 3
CVE
added 2025/02/12 8:25 a.m. · 45 views

CVE-2024-13814

CVE-2024-13814 concerns the Global Gallery – WordPress Responsive Gallery plugin. All versions up to and including 9.1.5 are affected due to a flaw that allows values to be passed to do_shortcode without proper validation, enabling arbitrary shortcode execution. An attacker with Subscriber-level ...

8.8 CVSS · 5.7 AI score · 0.00352 EPSS
Exploits 0 · References 3 · Affected Software 1
Positive Technologies
added 2025/02/12 12:0 a.m. · 2 views

PT-2025-6454 · WordPress · The Global Gallery

Name of the Vulnerable Software and Affected Versions: The Global Gallery - WordPress Responsive Gallery plugin for WordPress versions up to, and including, 9.1.5 Description: The issue arises from the software allowing users to execute an action that does not properly validate a value before...

8.8 CVSS · 9.7 AI score · 0.00352 EPSS
Exploits 0 · References 8
Patchstack
added 2025/02/11 10:31 p.m. · 3 views

WordPress Global Gallery - WordPress Responsive Gallery plugin <= 9.1.5 - Authenticated (Subscriber+) Arbitrary Shortcode Execution vulnerability

WordPress Global Gallery - WordPress Responsive Gallery plugin <= 9.1.5 - Authenticated Subscriber+ Arbitrary Shortcode Execution vulnerability discovered by Lucio Sá in WordPress Plugin Global Gallery versions <= 9.1.5...

8.8 CVSS · 7.1 AI score · 0.00352 EPSS
Exploits 0 · References 1 · Affected Software 1
VulnCheck KEV
added 2024/11/03 12:0 a.m. · 1 views

VulnCheck KEV: CVE-2024-36991

In Splunk Enterprise on Windows versions below 9.2.2, 9.1.5, and 9.0.10, an attacker could perform a path traversal on the /modules/messaging/ endpoint in Splunk Enterprise on Windows. This vulnerability should only affect Splunk Enterprise on Windows...

7.5 CVSS · 5.8 AI score · 0.93622 EPSS
Exploits 10 · References 1
OSV
added 2024/07/15 3:15 a.m. · 0 views

CVE-2024-39729

IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8, and 9.1.9 could allow an authenticated user to obtain sensitive information from source code that could be used in further attacks against the system. IBM X-Force ID: 295968...

4.3 CVSS · 5.8 AI score
Exploits 0 · References 2
OSV
added 2024/07/15 3:15 a.m. · 2 views

CVE-2024-39735

IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8, and 9.1.9 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trust...

5.4 CVSS · 5.5 AI score
Exploits 0 · References 2
Cvelist
added 2024/07/15 1:34 a.m. · 13 views

CVE-2024-39728 IBM Datacap Navigator cross-site scripting

IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8, and 9.1.9 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted sessio...

6.4 CVSS · 0.00308 EPSS
Exploits 0 · References 2
CVE
added 2024/07/14 12:39 p.m. · 66 views

CVE-2024-39732

CVE-2024-39732 affects IBM Datacap Navigator 9.1.5–9.1.9. The issue is information disclosure due to data stored temporarily from different environments that could be obtained by a malicious user. Affected versions: 9.1.5, 9.1.6, 9.1.7, 9.1.8, 9.1.9. The connected documents describe the root caus...

7.5 CVSS · 4.6 AI score · 0.00047 EPSS
Exploits 0 · References 2 · Affected Software 1
Positive Technologies
added 2024/07/12 12:0 a.m. · 2 views

PT-2024-4961 · Ibm · Ibm Datacap Navigator

Name of the Vulnerable Software and Affected Versions: IBM Datacap Navigator versions 9.1.5 through 9.1.9 Description: The issue is related to the disclosure of system data to unauthorized individuals. It can be exploited by a remote attacker who sends specially crafted HTTP requests to reveal...

5.3 CVSS · 6.6 AI score · 0.00147 EPSS
Exploits 0 · References 7
Positive Technologies
added 2024/07/12 12:0 a.m. · 2 views

PT-2024-5093 · Ibm · Ibm Datacap Navigator

Name of the Vulnerable Software and Affected Versions: IBM Datacap Navigator versions 9.1.5 through 9.1.9 Description: The issue is related to the error reporting mechanism in IBM Datacap Navigator, which could allow a remote attacker to obtain sensitive information when a detailed technical erro...

5.5 CVSS · 6.2 AI score · 0.00078 EPSS
Exploits 0 · References 7